Content delivery service providing apparatus and content delivery service terminal unit

ABSTRACT

On the content delivery side, a user management control unit manages authentication information and the distribution of a delivery list at the time of delivering service, the acceptance of a content select request, and charging and settlement on a user basis. On the other hand, an encrypted content control unit creates a content key and an encrypted content using the content key on the basis of a content key creating condition from a copyright owner or copyright manager. Then, an encrypted content key control unit encrypts the corresponding content key using medium information, or medium information and terminal device unique key information presented at the content request, delivers the key to the requester. Then, a content delivery control unit delivers the corresponding encrypted content to the requester at the content request.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No.10/807,313, filed Mar 24, 2004, which claims the benefit of priorityfrom prior Japanese Patent Application No. 2003-146704, filed May 23,2003, the entire contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a content delivery service providing apparatuswhich performs the service of delivering content via a communicationline to users' terminal units and to a user terminal unit which receivesthe service, and more particularly to the technique for protecting thecopyright for content.

2. Description of the Related Art

With recent advances in communication techniques as found in theInternet, and in data compression techniques or the like in digitalsignal processing, a tremendous amount of content data, including musicdata, movies data, and game data, can be delivered, which enables usersto receive content delivery services, regardless of time and place.Generically, a system to realize the content delivery service is suchthat a person who wants to buy or view (hereinafter,

The terminal date-and-time synchronizing unit 250 acquires the date andtime from the server date-and-time synchronizing unit 160 in theuser-side unit 200 via the communication line 300, accepts a requestfrom the medium linking content acquiring unit 220 or the like, andissues the date and time. Unlike a timer settable on the user side, theunit 250 has a date-and-time holding system that cannot be externallyset. Alternatively, when a timer settable on the user-side unit 200 isused, the date and time in the timer may be externally updated insynchronization with the server side. The terminal date-and-timesynchronizing unit 250 is not necessarily included in the user-side unit200 and may acquire the information directly from the serverdate-and-time synchronizing unit 160.

The content viewing unit 260, which is such a device as a display or aTV, accepts the content presentation information from the contentpresentation control unit 240 and enables the user to view the content.

With the content delivery system configured as described above, gainingsimple access and selecting contents via a communication line enablesthe contents to be written onto a specific information storage medium230 in a copyright-protected manner and to be viewed (reproduced orbrowsed) according to the user's request. In addition, various forms ofcharge setting, a user) accesses the content delivery center that isdelivering the desired content, via the communication terminal unit,such as a personal computer or a set-top box (STB), informs a purchaseor view request according the menu screen, and then is allowed todownload or reproduce the content.

Presently, however, even if the user accesses the center, he or she canonly get the introduction of content or the advertising content in thecase of popular or topical content. Since most of the desiredaudio-visual full contents have to be bought by mail order, the usercannot view the content immediately. The reason is that the copyrightowner of the content (or the copyright manager, hereinafter, both of theconcepts are sometimes generically called the copyright owner) has notyet trusted the personal computer using a communication line, because ofillegal copying. As described above, in spite of users' requests orbusiness attractions, content delivery services are in a very passivesituation in terms of the delivery of important content because of theillegal distribution problem.

On the other hand, some apartment house suppliers buy topical contentfrom copyright owners to position themselves from the rest and offerservices using a communication line to the customers in their ownapartment buildings. In such a content distribution form, however, thefollowing problems arise: a lot of content purchase money is needed andordinary users cannot join the service.

Prior-art examples of a system related to the present invention includethe following patent documents 1 to 5.

Patent document 1 (Jpn. Pat. Appln. KOKAI Publication No. 2001-344216)has disclosed a download system using a record-limit-information-addedmemory card. In the download system, the record limit information keyand the content key are recorded as encrypted record limit informationin a readable, writable protective area in the data area of a memorycard after two-way authentication is successful, thereby preventingillegal download or making it impossible to rewrite or read easily therecord limit information to charge for download, which enables contentto be downloaded according to the record limit information.

Patent document 2 (Jpn. Pat. Appln. KOKAI Publication No. 2001-306954)has disclosed a data delivery system which acquires usage informationfrom the unit in use each time delivery data is used and distributes theprice for the data delivery to the related entities in the desiredproportions on the basis of the usage information.

Patent document 3 (Jpn. Pat. Appln. KOKAI Publication No. 2000-349725)has disclosed a broadcast receiver unit which combines channel receptioncontract information with channel transmission contract information toform a usable contract information list corresponding to the specifiedcontent information, determines conditions for the use of content on thebasis of the list, and controls the use of the reception contentinformation on the basis of the conditions.

Patent document 4 (Jpn. Pat. Appln. KOKAI Publication No. 2000-339227)has disclosed a data operation method. In the data operation method,content is encrypted using the content key to create the encryptedcontent, a part of the content is extracted as sample data,watermark-included sample data in which the secret key obtained byencrypting the content key using the user information has been embeddedas invisible information is created, and the combined data obtained bycombining the watermark-included sample data with the encrypted contentis delivered, thereby preventing not only the infringement of copyrightbut also the destruction or loss of permission information to decryptthe encrypted content.

Patent document 5 (Jpn. Pat. Appln. KOKAI Publication No. 09-134311) hasdisclosed a security system which writes the device ID, medium ID,permission information encrypted using the data encryption key, andencrypted data into a medium. When reading the data, the security systemdecrypts the data decryption key from the medium ID, permissioninformation, and its device ID read from the medium, and decrypts theencrypted data read from the medium using the decrypted data decryptionkey, thereby enabling only the device with the device ID to makedecryption and preventing the encrypted data from being decrypted evenif the medium or recovery program is stolen, which maintains theconfidentiality of the encrypted data on the medium.

Patent document 6 (Jpn. Pat. Appln. KOKAI Publication No. 2002-196982)has disclosed a system which includes a medium section wherecopyright-added content data is encrypted in a reproducible manner andrecorded, and an information recording medium in which managementinformation to determine whether to record or reproduce thecopyright-added content data is recorded and which has a control unitwith the function of authenticating each of a recording unit forperforming a recording process and a reproducing unit for performing areproducing process. Only when the authenticating function hasauthenticated the recording or reproducing unit and the managementinformation has determined that recording/reproducing is possible, thesystem can record/reproduce the content data, thereby recording thecontent data, while protecting the data from illegal use.

As described above, in spite of users' requests or business attractions,content delivery services are in a very passive situation in terms ofthe delivery of important content, because the illegal distributionproblem is an impediment to the trust of copyright owners.

BRIEF SUMMARY OF THE INVENTION

It is, accordingly, an object of the present invention to provide acontent delivery service proving apparatus which has a copyrightprotection mechanism to prevent an illegal distribution of content,thereby gaining the trust of content copyright owners or copyrightmanagers, and which is capable of realizing effective content deliveryservices via a communication line at reasonable price, and a terminalunit capable of receiving the services.

The forgoing object is accomplished by providing a content deliveryservice providing apparatus which provides content delivery service viaa communication line to a user-side terminal unit capable of recordingcontent into an information storage medium into which at least a mediumunique identifier and medium information on medium key information havebeen written, or into a different information storage medium from theinformation storage medium with the information storage medium beingset, the content delivery service providing apparatus comprising: a usermanagement control unit which preregisters user information includingpersonal information about a user applying for subscription to thedelivery service, service range, and payment method, and manages thedistribution of authentication information and the distribution of adelivery content select list at the time of providing service on a userbasis, the acceptance of a content select request, charging, andsettlement; an encrypted content control unit which acquires not onlycontent but also a content key creation condition from a copyright owneror copyright manager of the content who provides the delivery service,and creates a content key on the basis of the content key creationcondition and encrypted content on the basis of the content key; anencrypted content key control unit which accumulates the content keyscreated at the encrypted content control unit and, at the same time,registers all of or a part of the medium information in the informationstorage medium and, using the medium information or the mediuminformation and terminal device unique key information presented at theuser's content request, encrypts the content key corresponding to therequested content, and issues the encrypted content key to the terminalunit of the requesting user; and a content delivery control unit whichaccumulates the encrypted contents created at the encrypted contentcontrol unit, selects the corresponding content at the user's contentrequest, and delivers the encrypted content to the terminal unit of therequesting user.

Additional objects and advantages of the invention will be set forth inthe description which follows, and in part will be obvious from thedescription, or may be learned by practice of the invention. The objectsand advantages of the invention may be realized and obtained by means ofthe instrumentalities and combinations particularly pointed outhereinafter.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate presently preferred embodiments ofthe invention, and together with the general description given above andthe detailed description of the preferred embodiments given below, serveto explain the principles of the invention.

FIGS. 1A and 1B are conceptual diagrams showing the configuration of anembodiment of a content delivery system according to the presentinvention;

FIGS. 2A, 2B and 2C are block diagrams showing a concrete configurationof the content delivery system of the embodiment;

FIGS. 3A and 3B are flowcharts to help explain the processes of a usermanagement control unit of the embodiment;

FIGS. 4A and 4B are flowcharts to help explain the processes of the usermanagement control unit of the embodiment;

FIG. 5 is a flowchart to help explain the processes of an encryptedcontent control unit of the embodiment;

FIG. 6 is a flowchart to help explain the processes of an encryptedcontent key control unit of the embodiment;

FIGS. 7A, 7B and 7C are flowcharts to help explain the processes of acontent delivery control unit of the embodiment;

FIG. 8 is a flowchart to help explain the processes of a serverdata-and-time synchronizing unit of the embodiment;

FIGS. 9A and 9B are flowcharts to help explain the processes of a mediumlinking content acquiring unit of the embodiment;

FIG. 10 is a flowchart to help explain the processes of the mediumlinking content acquiring unit of the embodiment;

FIGS. 11A and 11B are flowcharts to help explain the processes of acontent presentation control unit of the embodiment;

FIG. 12 is a flowchart to help explain the processes of a terminaldate-and-time synchronizing unit of the embodiment; and

FIG. 13 is a flowchart to help explain the processes of a contentviewing unit of the embodiment.

DETAILED DESCRIPTION OF THE INVENTION

Hereinafter, referring to the accompanying drawings, an embodiment ofthe present invention will be explained.

FIGS. 1A and 1B are conceptual diagrams showing the configuration of acontent delivery system according to the present invention. The systemcomprises a content delivery service center unit (hereinafter, referredto as the center-side unit) 100 and a user-side unit 200 which accessesthe unit 100 via a communication line 300, thereby receiving contentdelivery services.

The center-side unit 100 includes a user management control unit 110, anencrypted content creating section 120, an encrypted content key controlunit 130, a content delivery control unit 140, an option informationinput unit 150, and a server date-and-time synchronizing unit 160. Theuser-side unit 200 includes a user access content selecting unit 210, amedium linking content acquiring unit 220, an information storage medium230 with medium information (medium key information and medium uniqueidentifier), a content presentation control unit 240, a terminaldate-and-time synchronizing unit 250, a content viewing unit 260, aninformation storage medium 270 without medium information (medium keyinformation and medium unique identifier) (hereinafter, just referred toas a storage medium in distinction from the information storage medium230).

(Center-side Unit 100)

When the user selects content using the communication line 300, the usermanagement control unit 110 receives information about variousrequirements necessary to a service subscriber application and thepayment method presented by the user and determines whether theapplicant user is a qualified person to receive the service.

The service subscriber application method includes contacting theoperator by phone, submitting a document by mail, and performing datacommunications by means of the user access content selecting unit 210.Information about the requirements necessary for service subscriberapplication includes, for example, name, birth date, address, sex,telephone number, and the type of services subscribed (such as viewingonly movies content, viewing only sports content, or viewing all of thecontents). The payment method includes a prepaid card method and acredit card method. Information about the payment method includes, forexample, the prepaid card number, credit card number, and cardexpiration date.

At the time of the determination of the requirements, when the paymentmethod is credit card payment, the necessary information is transmittedto the clearing corporation to check if payment is possible. If paymentis possible, a settlement identifier is received from the clearingcorporation and registered. At this time, to avoid the risk of creditcard information leaks, the credit card number and the expiration dateof the credit card are deleted from the registration information.

If it has been determined that the applicant user is an unqualifiedperson who cannot receive the service, the applicant user is informedorally, in writing, or via the user access content selecting unit 210that he or she cannot subscribe to the service. If it has beendetermined that the applicant user is a qualified person who can receivethe service, he or she is registered as a service permitted user and theinformation presented by the user is accumulated. Then, theauthentication condition (user ID, password, or the like) necessary tolog on is issued to the applicant user by word of mouth, in writing, viaa storage medium, such as an IC card, or via the user access contentselecting unit 210.

When the authentication condition is issued via a storage medium or theuser access content selecting unit 210, the identifier (user ID) toidentify the user or the identifier (device ID) to identify the unitused on the user side may be encrypted and then issued.

The user management control unit 110 reads the corresponding userinformation for the user who has logged on according to theauthentication condition via the user access content selecting unit 210,determines from the registered service type what services (range) theuser can receive, and issues authentication information to the useraccess content selecting unit 210 of the login user. When a content listdisplay request is made from the user access content selecting unit 210on the basis of the authentication information, the user managementcontrol unit 110 selects the content list and format corresponding tothe requesting user, edits the selected content list in a format thatenables the user access content selecting unit 210 to display, andissues the result to the user access content selecting unit 210.

Furthermore, the user management control unit 110 accepts the contentselection from the user access content selecting unit 210 and confirmswhether charging requirements are fulfilled before or after the contentdelivery, on the basis of the settlement identifier received from theclearing corporation (this confirming process is called credit). If theselected content is impossible to buy, the user management control unit110 informs the user access content selecting unit 210 of the fact ascredit information. If it is possible to buy the selected content, theuser management control unit 110 informs the user access contentselecting unit 210 of the fact as credit information and asks the useragain if he or she really wants to buy. When the user eventuallyacknowledges the purchase, the user management control unit 110accumulates not only the information as charging and settlementinformation but also information about what content was selected andpurchased at what time and information about the content viewingcondition as user information.

The encrypted content control unit 120 acquires the content and thecondition for creating a content key used to encrypt and decrypt thecontent from the copyright owner or manager of the content, creates acontent key on the basis of the condition, encrypts the content on thebasis of the content key, and then issues the encrypted content andcontent key. Here, embedding an electronic watermark into the contentenables the content provider to be identified in case of the detectionof illegal copying.

The encrypted content key control unit 130 accumulates the content keycreated at the encrypted content control unit 120 in such a manner thatthe content key corresponds to the encrypted content. Then, theencrypted content key control unit 130 accepts the contentidentification information from the content delivery control unit 140 orthe like and the medium information in the information storage medium230 (the medium key information and medium unique identifier written inthe read-only area of the information storage medium 230) acquired fromthe medium linking content acquiring unit 220 via the communication line300, selects the content key corresponding to the encrypted content onthe basis of the content identification information, encrypts thecontent key on the basis of the previously registered device unique keyinformation and the medium information in the information storage medium230 to create an encrypted content key, and issues the encrypted contentkey to such a requester as the content delivery control unit 140. Whenoption information is given, the encrypted content key control unit 130creates the encrypted content key in such a manner that the key includesthe option information, and issues the key to the requester.

The option information includes information to identify the contentdelivery control unit 140, information to identify the medium linkingcontent acquiring unit 220, information to identify a region,information to identify a user, information to show the content viewingcondition, and content control incidental information (e.g., menuinformation, transition information within the content (e.g., thumbnailand menu link)), external link information (e.g., connection addressesfor the Internet), and guidance information (e.g., characters and stillpictures). These pieces of option information are received from such aunit as the content delivery control unit 140 or the medium linkingcontent acquiring unit 220, or are acquired directly from the optioninformation input unit 150.

The medium information in the information storage medium 240,identification information about the content delivery control unit 140,identification information about the medium linking content acquiringunit 220, user identification information, content viewing conditioninformation, content control incidental information, and the like may benot only received via the content delivery control unit 140 but alsoacquired from another unit, such as the medium linking content acquiringunit 220 or acquired directly by the input operation on the input unit.

Taking into account the security of the center or hacking from theoutside, it is desirable that the content key should be encrypted at theencrypted content control unit 120 or encrypted content key control unit130 and then accumulated. In this case, the encrypted content keycontrol unit 130 accumulates the content keys in an encrypted state.When receiving an encrypted content key issuing request from the contentdelivery control unit 140 or the like, the encrypted content key controlunit 130 reads and decrypts the corresponding encrypted content key.Then, the encrypted content key control unit 130 encrypts the contentkey again on the basis of one of or a combination of the contentidentification information, medium information in the informationrecording medium 230, information to identify the content deliverycontrol unit 140, information to identify the medium linking contentacquiring unit 220, information to identify a region, information toidentify a user, content key individual information, and the like. Then,the encrypted content key control unit 130 issues the encrypted key.

The content key individual information means information included in thecontent key creation condition received from the copyright owner of thecontent or information created independently and used for decryption inperforming encryption in the process of creating the encrypted contentor issuing the content key.

The content delivery control unit 140 accumulates a plurality ofencrypted contents created at the encrypted content control unit 120,accepts the content information selected by the user at the usermanagement control unit 110 and the user information (including thecontent viewing condition), and delivers the encrypted content,encrypted content key, and others in cooperation with the user-side unit200 and the information storage medium 230 mounted on or connected tothe unit 200.

To link up with the user-side unit 200 and the information storagemedium 230, the content delivery control unit 140 has to start a linkingapplication in the user-side unit 200. To do this, the content deliverycontrol unit 140 issues authorization information to start the linkingapplication to the user-side unit 200 and performs two-wayauthentication according to the authorization information. On thecondition that the two-way authentication is completed according to theauthorization information, the content delivery control unit 140 enablesthe medium information to be issued via the communication line 300 andthe delivery content to be written into the information storage medium230. This makes it possible to disable the communication function of theuser-side unit 200 of the user who gained illegal access in the past,which improves the security.

When the linking application on the user-side unit 200 has beenencrypted as measures against information leaks, the authorizationinformation is created on the basis of the authentication informationcreated at the user management control unit 110 at the time of login,the user information accumulated in the user management control unit110, and the identifiers to identify users or identifiers to identifydevices stored in the storage medium 270 mounted on or connected to theuser-side unit 200 and the user access content selecting unit 210. Theauthorization information is encrypted as needed and then is issued.

When delivering the content, the content delivery control unit 140 makesa response request to the interface for realizing a link with theuser-side unit 200 or the information recording medium 230 (or may graspthe situation of the communication line, using the response of a pingcommand or the like) and analyzes the response, thereby grasping theload of the communication line. Repeating this process, the contentdelivery control unit 140 selects the most appropriate one (because ofthe lowest load or the like) of the communication lines allowingdelivery to the user-side unit 200, calculates an estimated time untilthe delivery of the content is completed, from the capacity of theselected content, the analyzed communication line load, and the like,and makes the resulting information issuable. In addition, the contentdelivery control unit 140 makes it possible to issue the designation ofreserved delivery, such as by what time the content delivery is requiredto finish in the end, selects a plurality of candidates, and deliversthe contents in the order of time closer to the present time or in theorder of specified priority.

Furthermore, the content delivery control unit 140 accepts the contentviewing condition (including information representing that the contenthas a limited viewing period, allowed viewing date-and-time (period)information, information about limits to writing into an informationstorage medium, content protect information, age limit information, andbarrier-free environment information (including sign language type andidentification information)) and encrypts the condition as needed andissues the result.

The encrypted content viewing condition or content viewing condition mayinclude content control incidental information (e.g., menu information,transition information within the content (e.g., thumbnail and menulink), external link information (e.g., connection addresses for theInternet), guidance information (e.g., characters and still pictures),and electronic watermark control information (e.g., a display on/offflag)) as needed.

Furthermore, the content delivery control unit 140 relates optioninformation (including information to identify the user-side unit 200,information to identify the medium linking content acquiring unit 220,information to identify a region, information to identify a user,information to show the content viewing condition, and content controlincidental information, external link information, and guidanceinformation) to the encrypted content and the encrypted content key.Then, the content delivery control unit 140 encrypts the resultinginformation as needed and issues the encrypted information as encryptedoption information.

The server date-and-time synchronizing unit 160 acquires the accuratedate and time from a known date-and-time issuing unit or the like via acommunication line and issues the held date and time to the requester asneeded.

(User-side Unit 200)

The user access content selecting unit 210 is an information processingunit including a man-machine interface and a communication interfacewhich carry out a series of procedures for the user to receivecopyright-protected content delivery services via a communication linein such a manner that the user accesses the center-side unit 100 via thecommunication line 300, selects contents, and acknowledges the purchaseof the contents. For example, the user access content selecting unit 210is a unit which enables a link with services via a communication line,such as a personal computer, a set-top box, an audio-visual unit, or ahousehold appliance.

Specifically, the user access content selecting unit 210 performs thefollowing things with the user management control unit 110: the deliveryof service subscriber application information, the acquisition ofauthentication condition, login on the basis of the authenticationcondition, the acquisition, display, and browsing of the content list,the delivery of information about the selection of the content from thecontent list, and so forth. When the user looks through the contents ofthe content list displayed and selects contents, he or she furtherselects the content viewing condition (e.g., whether the content is ofthe type that permits viewing only in a specific period or of the typethat permits viewing without time limitation) at the same time.

The medium linking content acquiring unit 220 has a linking applicationbetween the information storage medium 230 and the center-side contentdelivery control unit 140. According to an authorization request fromany one of the user access content selecting unit 210, content deliverycontrol unit 140, and the user, the medium linking content acquiringunit 220 acquires the encrypted content, the encrypted content key, andothers from the content delivery control unit 140.

The acquisition method is as follows. The medium linking contentacquiring unit 220 sends the medium information in the informationstorage medium 230 to the content delivery unit 140 and gets thedate-and-time information. At the same time, the medium linking contentacquiring unit 220 links up with the content delivery control unit 140and writes the encrypted content and encrypted content key sent from thecontent delivery control unit 140 via the communication line 300 intothe writable area of the information storage medium 230. Then, a checkis made if all of the encrypted contents and encrypted content keys havebeen written into the writable area of the information storage medium230 properly. If all of them have been written properly, the mediumlinking content acquiring unit 220 informs the content delivery controlunit 140 of the result together with the date-and-time information. Onthe basis of the notice, the content delivery control unit 140 issuesthe user's final charging and settlement information and informs theuser management control unit 110 of the information.

With the above method, however, it is conceivable that, when the networkis cut off by the user before normal writing is notified, the user maynot be charged. Therefore, the content delivery control unit 140 sendsthe encrypted content and then first carries out the charging process,or carries out the charging process and then sends the encryptedcontent. Here, the following method is effective: when abnormal writinghas been notified (a reissue has been requested), the content deliverycontrol unit 140 carries out a reissuing process; and when normalwriting has been notified, the content delivery control unit 140 sendsthe encrypted content key and, when receiving the notice of normalwriting of the key, ends the series of processes.

In executing a linking application which links up with the informationstorage medium 230 or the content delivery control unit 140, theapplication may be encrypted as measures against information leaks andauthorization information may be needed for startup. In this case, themedium linking content acquiring unit 220 informs the content deliverycontrol unit 140 of the authentication information created at the usermanagement control unit 110 at the time of login, the identifiers toidentify the user stored in the storage medium (e.g. IC card) mounted onor connected to the user-side unit 200 and in the user access contentselecting unit 210, the identifier to identify the user-side unit 200,and so forth. Then, the medium linking content acquiring unit 220acquires the authorization information from the content delivery controlunit 140. Alternatively, in a stand-alone state where the communicationline 300 is not used, the medium linking content acquiring unit 220creates authorization information independently by using the previouslyacquired information. After the startup, the medium linking contentacquiring unit 220 performs two-way authentication on the basis of theauthorization information.

When accepting the encrypted option information from the contentdelivery control unit 140, the medium linking content acquiring unit 220decrypts the encrypted option information using the authorizationinformation, thereby acquiring the option information. At this time, themedium linking content acquiring unit 220 analyzes the information toidentify the content delivery control unit 140, information to identifythe unit 220, information to identify a region, information to identifya user, information to show the content viewing condition, contentcontrol incidental information, and so forth. Then, the medium linkingcontent acquiring unit 220 makes a check on the basis of the resultinginformation. According to the result of the check, the medium linkingcontent acquiring unit 220 performs control, including the limitation ofthe operation, and updates and stores the storage information in thestorage medium (e.g., IC card) 270. Then, the medium linking contentacquiring unit 220 writes these pieces of information into the writablearea of the information storage medium 230.

In addition, when writing the data into the information storage medium230, the medium linking content acquiring unit 220 accepts informationincluding the content viewing condition notified by the content deliverycontrol unit 140. If the content viewing condition in the information isof the limited-period content viewing type, that is, of the conditionalviewing type permitting contents to be viewed only in a specific period,the medium linking content acquiring unit 220 encrypts informationrepresenting the content viewing type and date-and-time information andstores the encrypted information into the storage medium (e.g., IC card)mounted on or connected to the user-side unit 200 or writes theinformation into the writable area of the information storage medium230.

The information storage medium 230, which is, for example, a DVD-RAMdisk, has the medium key information and medium unique identifierwritten previously into the read-only area. Each of the medium keyinformation and medium unique identifier can be read and outputtedaccording to the request. Furthermore, the encrypted content, encryptedcontent key, encrypted viewing condition, option information, and otherssupplied via the medium linking content acquiring unit 220 can bewritten into the writable area.

On the basis of the device unique key information held by the user-sideunit 200 and the medium information in the read-only area of theinformation storage medium 230, the content presentation control unit240 decrypts the encrypted content key written in the writable area,thereby creating a content key. On the basis of the content key, thecontent presentation control unit 240 decrypts the encrypted content andmakes the result presentable. Here, when the option information has beenacquired at the medium linking content acquiring unit 220 and stored inthe storage medium (e.g., IC card) 270 mounted on or connected to theuser-side unit 200 or in the writable area of the information storagemedium 230, the content presentation control unit 240 reads theinformation and carries out the presenting process on the basis of theinformation.

In addition, when the encrypted viewing condition has been acquired atthe medium linking content acquiring unit 220 and stored in the storagemedium (e.g., IC card) 270 mounted on or connected to the user-side unit200 or in the writable area of the information storage medium 230, thecontent presentation control unit 240 reads the condition and at thesame time, acquires the information from the terminal date-and-timesynchronizing unit 250, and makes a check if the previously accumulatedcontents have expired. If the contents have expired, the contentpresentation control unit 240 informs the user of the fact and carriesout a process so as to make it impossible to use the contents. thecollection of charges, various forms of content acquisition, and timelyservices can be achieved efficiently, which enables the user to avoidthe trouble of going to a shop and buying or renting the contents.

Here, the communication line 300 is used between the medium linkingcontent acquiring unit 220 and the content delivery control unit 140.Between the other units, not only the communication line 300 but alsoanother information transmission means, including a directly connectedline, a circuit, and a storage medium, may be used.

The medium linking content acquiring unit 220 may be mounted on orconnected to the user access content selecting unit 210 or may standalone.

The information storage medium 230 has a read-only area and a writablearea as does a DVD-RAM disk. In the read-only area, the medium keyinformation corresponding to each type of user device and the mediumunique identifier each medium has is present. Not only a disk medium butalso a tape medium or a semiconductor information medium (e.g., memoryor IC card) may be used.

The storage medium 270 is not restricted to an information storagemedium having both a read-only area and a writable area, such as aDVD-RAM disk and may be a disk medium, a tape medium, a semiconductorinformation medium (e.g., memory or IC card), and a medium capable ofmemorizing information.

In the embodiment, the place in which the encrypted content key and theencrypted content are stored is not restricted to the informationstorage medium in whose read-only area the medium information ispresent, and may be on another storage medium. For instance, theencrypted content may be stored in a hard disk and the encrypted contentkey may be stored in an information storage medium, such as an IC cardor a DVD medium. In addition, when the encrypted content and theencrypted content key are both stored in a hard disk and an informationstorage medium, such as an IC card or a DVD medium, can be read by theuser-side unit, such a form as enables both download and viewing may beused.

Furthermore, in the embodiment, when a DVD medium is used as theinformation storage medium 230, the linking application of the mediumlinking content acquiring unit 220 may read MKB (Media Key Block: mediumkey information) in the read-only area of a DVD medium, the hash value(existing in the read-only area of the DVD as MKB identificationinformation like MKB), and the medium identifier (Media ID) and sendthem to the encrypted content key creating application via the contentdelivery application.

Instead of the MKB hash value described above, verification data or apart of data in held in the MKB along with the MKB hash value may beused. The verification data is similar to the MKB hash value and iscontained in an MKB pack 0 (mkbPack0). The MKB has been read from a DVDin units of packs, and the pack 0 is the data block read first from theDVD.

In contrast, the encrypted content key control unit 130 has the MKBs ofall of or a part of the patterns licensed and stores them. On the basisof the MKB identification information (hash value) sent from theuser-side unit 200, the encrypted content key control unit 130 mayselect the relevant MKB and, on the basis of the MKB, the server-sidedevice unique key information, and the medium identifier sent from theuser-side unit 200, create an encrypted content key.

When the encrypted content key control unit 130 has the MKBs of all thepatterns, it need not receive the MKB from the user side. However, whenthe encrypted content key control unit 130 does not have the MKBscorresponding to the MKB identification information sent from theuser-side unit 200, it returns an error state or the like, which mightupset the user side. In addition, there is a possibility that licensingfees will rise.

In contrast, when the encrypted content key control unit 130 has only aplurality of MKB patterns and has no MKB corresponding to the hash valuesent from the user-side unit 200, it may receive the MKB from the user'sDVD medium. This method may cost relatively low licensing fees, but itis necessary to take into consideration that it is difficult todetermine whether the MKB is legitimate.

To select the MKB ID information (hash value and verification data) sentfrom the user-side unit 200, this data is authenticated in accordancewith the MAC value of the MKB or a value calculated from the MAC value.

Furthermore, in the system of the present invention, the service rangefor the users may be for movable bodies (e.g., PDAs) or for fixedreception units. In addition, contents may be delivered, selectivelyswitching between encoding systems according to the viewing form, andcharging may be done according to each system.

Moreover, instead of sending information about the condition to theuser-side unit 200, the address (presentation location) of the server towhich the condition is presented may be shown as the content viewingcondition.

EMBODIMENT

Hereinafter, an embodiment will be explained by reference to FIGS. 2A,2B and 2C.

(Center-side Unit 100)

The user management control unit 100 comprises a user management section(including a user information accumulating section F1) 111, a clearingsection 112, a user authenticating section 113, a content list displayselecting section (including a content list format accumulating sectionF2) 114, and a charging and settlement section (including a charging andsettlement information accumulating section F3) 115. The contents of theprocesses of the individual blocks 111 to 115 are shown in FIGS. 3A and3B, FIGS. 4A and 4B.

The user management section 111 takes in various requirements presentedby the user in applying for subscription (e.g., name, birth date,address, sex, telephone number, the type of services subscribed (such asviewing only movies content, viewing only sports content, or viewing allof the contents), and the payment method (e.g., credit card number andcredit card expiration date)) and determines whether the user iseligible for service delivery.

Specifically, as shown in FIGS. 3A and 3B, the user management section111 determines the type of service subscriber application (S111-1). Inthe case of notice from the user access content selecting unit 210, theuser management section 111 carries out the process of accepting theinput of service subscriber application information shown by the notice(S111-2). In the case of notice by phone or the submission of a documentby mail, the operator carries out the process of accepting the input ofservice subscriber application information presented by the user(S111-3). At this time, the user management section 111 refers to theuser information accumulating section F1, acquires information about theapplying user's past history (S111-4), and checks the contents of theinputted subscriber application information (S111-5).

Next, the user management section 110 determines whether the paymentmethod is credit card payment (S111-6). If it is credit card payment,the user management section 110 issues to the clearing section 112 thefollowing information: the user's name, birth date, address, sex,telephone number, credit card number, card expiration date, and so forth(S111-7).

Receiving these pieces of information (S112-1), the clearing section 112checks the contents accepted (S112-2), selects the best clearingcorporation (S112-3), creates information necessary for the clearingcorporation (S112-4), detects the predetermined information linking form(S112-5), and transmits information to the clearing corporation in thatform (S112-6). Then, accepting the response from the clearingcorporation (S112-7), the clearing section 112 confirms whether theapplying user can pay (S112-8). If the applicant can pay, the clearingsection 112 receives the clearing identifier issued from the clearingcorporation and issues it to the user management section 111 (S112-9).If the applicant cannot pay, the clearing section 112 receives an NGstatus from the clearing corporation and issues it to the usermanagement section 111 (S112-10).

The user management section 111 accepts the clearing identifier or NGstatus from the clearing section 112 (S111-8). Then, the user managementsection 111 determines whether the accepted response is the clearingidentifier indicating that the applicant can pay (S111-9). If theresponse is the clearing identifier, the user management section 111erases such information as credit card number and credit card expirationdate to avoid the risk of credit card information leaks (S111-10). Ifthe response is the NG status indicating that the applicant cannot pay,the user management section 111 determines the type of servicesubscriber application (S111-11) and informs the user via the useraccess content selecting unit 210 that the user cannot subscribe to theservice (S111-12). Alternatively, the user management section 111informs the terminal or the like used by the operator of the fact(S111-13). Then, the operator or the like phones the user the fact orinforms the user of the fact by mail.

On the other hand, if it is determined in step S111-6 that the paymentmethod is not credit card payment, the user management section 111checks the contents of the payment method and examines the legitimacy ofthe user (S111-14). In the examination, it is determined whether theapplying user can subscribe to the service (S111-15). If it isdetermined that the applicant can subscribe to the service, the usermanagement section 111 informs the user of a final confirmation whetherthe user wants to receive the service (S111-16) and determines whetherthere is a request for service subscription (S111-17).

Receiving the acknowledgement of service subscription, the usermanagement section 111 creates authentication conditions (including userID and password) necessary to log in (S111-18), determines the type ofservice subscriber application (S111-19), issues the authenticationcondition to the user via the user access content selecting unit 210(S111-20) or issues the condition to the user via the operator or thelike (S111-21), and stores in the user information accumulating sectionF1 the following information: various requirements, clearingidentifiers, and authentication conditions (S111-22). On the other hand,if the acknowledgement of service subscription is not received in stepS111-17, the user management section 111 erases all of the contents ofthe information accepted on application (S111-23).

The user management section 111 informs the user of the issuedauthentication condition by word of mouth or by letter or informs theuser of the condition via a storage medium (e.g., IC card) or the useraccess content selecting unit 210. In informing the user of theauthentication condition via a storage medium or the user access contentselecting unit 210, it is desirable that the identifier to identify theuser or the identifier to identify the device should be issued inencrypted form, taking information leaks into account.

When the user gets the authentication condition issued at the usermanagement section 310 and, on the basis of the authenticationcondition, uses the user access content selecting unit 210, and logs invia the communication line 300, the user authenticating section 113, thecontent list display selecting section 114, and the charging andsettlement section 115 carry out the processes shown in FIGS. 4A and 4B.

First, the user authenticating section 113 accepts a login request(S113-1), gets the authentication information (S113-2), then gets theinformation accumulated in the user information accumulating section F1(S113-3), and determines whether login is possible (S113-4). If login isimpossible, the user authenticating section 113 reports this (S330-5).If login is possible, the authenticating section 113 gets information asto what type of service (range) the user can receive from the servicetypes accumulated in the user information accumulating section F1(S113-6), creates authentication information on the basis of theacquired information (S113-7), and issues the authentication informationto the user access content selecting unit 210 used by the user (S113-8).

On the basis of the authentication information issued by the userauthenticating section 113 to the user access content selecting unit 210or succession information (including user information) from the userauthenticating section 113 logged into by the user, the content listdisplay selecting section 114 accepts a content list display requestfrom the user (S114-1), determines a content list format correspondingto the requesting user (S114-2), selects it from the content list formataccumulating section F2 (S114-3), converts the selected format into aform or the like the user access content selecting unit 210 can display(S114-5), and issues the form to the user access content selecting unit210 (S114-6).

At this time, the user displays and looks through the content listissued at the contest list display selecting section 114 on the useraccess content selecting unit 210 and, on the basis of the display,selects the content the user wants to get. At this time, the user alsoselects the content viewing condition (e.g., whether the content is ofthe type that permits viewing only in a specific period or of the typethat permits viewing without time limitation) according to the contentlist display.

The charging and settlement section 115 accepts the content selectionfrom the user access content selecting unit 210 (S115-1) and at the sametime, acquires the succession information from the content list displayselecting section 210 (S115-2), and issues acknowledge information aboutwhether the requirement for charging can be fulfilled to the usermanagement section 111 (S115-3). Receiving this, the user managementsection 111 acquires the necessary information from the user informationaccumulating section F1, makes a determination in cooperation with theclearing section 112, and informs the charging and settlement section115 of the result of the determination as acknowledge information.

Receiving the acknowledge information from the user management section111 (S115-4), the charging and settlement section 115 determines fromthe result of the determination of the acknowledge information whetherthe selected content can be purchased (S115-5). If the selected contentcannot be purchased, the charging and settlement section 115 informs theuser access content selecting unit 210 of the fact as credit information(S350-6). If the selected content can be purchased, the charging andsettlement section 115 informs the user access content selecting unit210 of the fact as credit information (S350-7) and asks the user againwhether he or she really wants to buy (S115-8).

If the result of the acknowledgment has shown that the user does not buyin the end, the charging and settlement section 115 informs the useraccess content selecting unit 210 that the content is to be selectedagain (S115-9). If the purchase has been acknowledged, the charging andsettlement section 115 accumulates this information as charging andsettlement information in the charging and settlement informationaccumulating section F3 (S115-10) and at the same time, accumulates whenand what content the user selected and purchased and information aboutthe content viewing condition in the user information accumulatingsection F1 (S115-11), and issues the content information selected by theuser and the user information (including the content viewing condition)(S115-12).

The encrypted content control unit 120 is composed of an encryptedcontent creating section 121, an encrypted content issuing section 122,and a content key issuing section 123. FIG. 5 shows the contents of theprocesses of the blocks 121 to 123.

The encrypted content creating section 121 specifies or inputs thecontent provided by the copyright owner of the content and the contentkey creating condition for decrypting the encrypted content (S121-1,S121-2). If the content is not in a digitally encoded form (such as AVI,MPEG-1, MPEG-2, or MPEG-4), the encrypted content creating section 131further specifies encoding (S121-3, S121-4). Even if the content is in adigitally encoded form (such as AVI, MPEG-1, MPEG-2, or MPEG-4), theencrypted content creating section 131 specifies the conversion of theencoding form, thereby making it possible to specify the contentencoding form in decryption (S121-5, S121-6). The content key creatingcondition may be inputted directly by hand. Alternatively, electronicdata in which the content key creating condition and the like arewritten as the copyright information in the form of text file, MPEG-7,or the like may be specified and inputted.

The encrypted content creating section 121 analyzes the contents of theinputted content key creating condition (S121-7), extracts the contentkey creating condition (S121-8), checks the operator and the like(S121-9), and creates not only encrypted content C1 on the basis of thespecified condition (S121-10) but also the content key K1 (S121-11).

The encrypted content issuing section 122 observes whether encryptedcontent C1 has been created (S122-1, S122-2). If encrypted content C1has been created, the encrypted content issuing section 122 detects theencrypted content accumulating section (C2 of the content deliverycontrol unit 140 in FIG. 2A) previously specified or specified each timeencryption is performed (S122-3), and issues encrypted content C1 to theaccumulating section (S122-4).

The content key issuing section 123 observes whether content key K1 hasbeen created (S123-1, S123-2). If content key C1 has been created, theencrypted content key issuing section 123 detects the content keyaccumulating section (K2 of the encrypted content key control unit 130in FIG. 2B) previously specified or specified each time a content key iscreated (S123-3), and issues the content key to the accumulating section(S123-4).

The encrypted content key control unit 130 includes a device unique keyand medium information storage section 131, an encrypted content keycreating section 132, a content key accumulating section K2, and anencrypted content key accumulating section K3. The encrypted content keycontrol unit 130 executes the processes shown in FIG. 6.

In FIG. 6, the encrypted content key control unit 130 accepts thecontent key issued at the content key issuing section 123 from theencrypted content control unit 120 each time encrypted content iscreated (S130-1), and accumulates a plurality of content keys in thecontent key accumulating section K2 (S130-2). The encrypted content keycreating section 132 accepts not only the content identificationinformation but also the medium information (medium key information andmedium unique identifier) in the information storage medium 230 from aninformation storage medium linking section 221 of the medium likingcontent acquiring unit 220 via the communication lien 300 and a contentdelivery linking control section 142 (S132-1), selects the content keycorresponding to the encrypted content from the content key accumulatingsection K2 on the basis of the content identification information(S132-2), creates encrypted content key K3 from the content key on thebasis of the device unique key information stored in the device uniquekey and medium information storage section 131 and the mediuminformation in the information storage medium 230 (132-7), and issuesencrypted content key K3 to the content delivery linking control section142 (S132-8). All of the key information may be stored in the deviceunique key and medium information storage section 131. Alternatively,the device unique key, together with the medium information, may be sentfrom the user-side unit 200 to the device unique key and mediuminformation storage section 131 each time content is requested.

In addition, the encrypted content key creating section 132 determineswhether an increment of encrypted content keys is specified as optioninformation (S132-3). If the increment is specified, when creating anencrypted content key, the encrypted content key creating section 132accepts option information (including information to identify thecontent delivery unit 140, information to identify the medium linkingcontent acquiring unit 220, information to identify a region,information to identify a user, information to show the content viewingcondition, content control incidental information (e.g., menuinformation, transition information within the content (e.g., thumbnailand menu link), external link information (e.g., connection addressesfor the Internet), and guidance information (e.g., characters and stillpictures)) (S132-4), analyzes the option information (S132-5), andcreates increment information (S132-6). The encrypted content keycreating section 132 creates an encrypted content key in a manner thatincludes a part of these pieces of information as conditions (S132-7),and issues the key to the content delivery linking control section 142(S132-8).

In addition to receiving the medium information in the informationstorage medium 230, information to identify the content delivery unit140, information to identify the medium linking content acquiring unit220, information to identify a user, information to show the contentviewing condition, content control incidental information, and so forthvia the content delivery linking control section 142, the encryptedcontent key creating section 132 may get them directly from anotherunit, such as the medium linking content acquiring unit 220, or fromdirect input means. In this case, too, the encrypted content keycreating section 132 creates an encrypted content key and issues the keyto the requester.

The content delivery control unit 140 is composed of an informationstorage medium liking section authorization information creating section141, a content delivery linking control section 142, a content viewingcondition control section 143, a relating and encrypting section 144, anencrypted content accumulating section C2, an encrypted optioninformation accumulating section F4, and an achievement informationaccumulating section F5. The content delivery control unit 140 executesthe processes shown in FIGS. 7A, 7B and 7C.

In FIGS. 7A, 7B and 7C, the content delivery control unit 140 acceptsthe encrypted content encrypted at the encrypted content control unit120 and issued at the encrypted content issuing section 122, accumulatesa plurality of encrypted contents in the encrypted content accumulatingsection C2 (S140-1, S140-2), accepts the user's selected contentinformation issued at the charging and settlement section 115 and theuser information (including the content viewing condition) (S140-3), anddelivers the encrypted content, the encrypted content key, and so forthin cooperation with the user-side unit 200 and the information storagemedium 230 (S140-4).

When cooperating with the user-side unit 200 and the information storagemedium 230, the content delivery control unit 140 needs authorizationinformation for startup in a case where the linking applicationinstalled in the user-side unit 200 has been encrypted as measuresagainst information leaks. Thus, on the basis of the authenticationinformation created at the user management control unit 110 at the timeof login, the user information accumulated in the user managementcontrol unit 110 (S141-1, S141-2), the storage medium (such as an ICcard) 270 mounted on or connected to the user-side unit 200, theidentifier to identify the user stored in the user access contentselecting unit 210 or the identifier to identify the device (S141-1,S141-3), and the like, the information storage medium liking sectionauthorization information creating section 141 creates authorizationinformation (S141-5) and issues the information (S141-6).

Acquiring the encrypted content, the encrypted content key, and so forth(S142-1), the content delivery linking control section 142 delivers theencrypted content, the encrypted content key, and others in cooperationwith the user-side unit 200 and the information storage medium 230. Fordelivery, the content delivery linking control section 142 makes aresponse request to the user-side unit 200 (or may grasp the situationof the communication line, using the response of a ping command or thelike) (S142-2), gets the response from the user-side unit 200 (S142-3),and analyzes the response time and arrival path information (142-4),thereby grasping the load of the communication line.

The content delivery linking control section 142 repeats the processesin step S142 to S142-4 to get the past achievement information from theachievement information storage section F5 (S142-5), determines acommunication line whose response time is short, which has no path to beadversely affected, and which is simplified in terms of path, from thecommunication lines capable of delivering to the user-side unit 200, andselects it as the most appropriate communication line (S142-6).Furthermore, the content delivery linking control section 142 calculatesan estimated time until the delivery of content is completed, from thecapacity of the selected content, the analyzed communication line load,and so forth (S142-7), issues the information to the user (S142-8), andconfirms whether to deliver (S142-9).

The content delivery linking control section 142 accepts theacknowledgement of delivery from the user and starts to deliver thecontent. If receiving the acknowledgment of no delivery, the contentdelivery linking control section 142 gives delivery specify notice(S142-10) to make it possible to specify a reserved delivery regarding,for example, by what time the user wants to end the content delivery(S142-11), selects a plurality of candidates (S142-12), specifiesdelivery in the order of time closer to the present time (S142-13), andstarts to deliver the content.

The content viewing condition control section 143 acquires the contentinformation selected by the user and the user information from the userinformation accumulating section F1 (S143-1) or accepts the contentinformation selected by the user, the encrypted content key identifier,and the key information from the content delivery linking controlsection 142 (S143-2), and acquires the content viewing condition(including information representing that the content has a limitedviewing period, allowed viewing date-and-time (period) information,information about limits to writing into an information storage medium,content protect information, age limit information, barrier-freeenvironment information (including sign language type and identificationinformation)) (S143-3). At this time, the content viewing conditioncontrol section 143 determines whether there is a piece of informationrequiring encryption in the accepted or acquired information (S143-4).If there is such a piece of information, the content viewing conditioncontrol section 143 performs encryption on the basis of the keyinformation (S143-5) and issues the result as an encrypted contentviewing condition (S530-6). If encryption is unnecessary, the contentviewing condition control section 143 issues the result as a contentviewing condition (S143-7).

The relating and encrypting section 144 accepts the content informationselected by the user, the encrypted content key identifier, and the keyinformation from the content delivery linking control section 142. Therelating and encrypting section 144 further accepts the optioninformation, including information to identify the content deliverycontrol unit 140, information to identify the medium linking contentacquiring unit 220 of the user-side unit 200, information to identify aregion, information to identify a user, information to show the contentviewing condition, content control incidental information, and guidanceinformation (S144-1), relates the option information to the encryptedcontent and the encrypted content key to create relating information(S144-2), and encrypts the option information on the basis of the keyinformation (S144-3), and issues the result as encrypted optioninformation F4 (S144-4).

The option information input unit 150 issues the option information tothe encrypted content key creating section 132 and the relating andencrypting section 144 in response to the input operation by theoperator or the like.

The server date-and-time synchronizing unit 160 includes a serverdate-and-time synchronizing section 161. As shown in FIG. 8, the serverdate-and-time synchronizing section 161 gets the accurate date and timefrom a known date-and-time issuing unit or the like available to thepublic on WWW at time intervals set by the manager (S161-1, S161-2),accepts a date-and-time issuing request (S161-3), and issues the storeddate and time to the requester according to the request (S161-4).

(User-side Unit 200)

The user access content selecting unit 210 includes a man-machineinterface and a communication interface which realize a series ofprocedures for the user to receive content delivery services via acommunication line, including service subscriber application,authentication condition acquisition, login, authentication informationacquisition, content list display request, content list display andbrowsing, content selection, credit information acquisition, andpurchase acknowledgment. For example, the user access content selectingunit 210 is a unit which enables a link with services via acommunication line, such as a personal computer, a set-top box, anaudio-visual unit, or a household appliance. The contents of theprocesses have explained in the user management control unit 110 shownin FIGS. 3A and 3B, FIGS. 4A and 4B, so the explanation of them will beomitted.

The medium linking content acquiring unit 220 is composed of theinformation storage medium linking section 21, a stand-aloneauthorization information creating section 222, a normal writingchecking section 223, and a content viewing condition processing section224. The medium linking content acquiring unit 220 is mounted on orconnected to the user-side unit 200. The contents of the processes ofthe blocks 221 to 224 are shown in FIGS. 9A and 9B and FIG. 10.

The information storage medium linking section 221 accepts anauthorization request from the user access content selecting unit 210,content delivery control unit 140, or the user (S221-1) and, accordingto the authorization request, acquires the authentication informationcreated at the user management control unit 110 at the time of login,the identifier to identify the user stored in the storage medium 270mounted on or connected to the user-side unit 200 or the user accesscontent selecting unit 210, the identifier to identify the user-sideunit 200, and so forth (S221-2). Then, the information storage mediumlinking section 221 determines whether to get the authorizationinformation via the communication line 300 (S221-3). If it gets theinformation via the communication line 300, the information storagemedium linking section 221 issues the acquired medium information to theinformation storage medium linking section authorization informationcreating section 141 of the content delivery control unit 140 (S221-4)and acquires the authorization information from the authorizationinformation creating section 141 (S221-5).

In the stand-alone state where the communication line is not used, theinformation storage medium linking section 221 issues to the stand-aloneauthorization information creating section 222 the authenticationinformation created at the user management control unit 110 at the timeof login, the identifier to identify the user stored in the storagemedium 270 mounted on or connected to the user-side unit 200 or in theuser access content selecting unit 210, the identifier to identify theuser-side unit 200, and so forth (S221-6). The stand-alone authorizationinformation creating section 222 determines the authorizationinformation condition (S222-1). If the situation meets the condition,the stand-alone authorization information creating section 222 createsauthorization information (S222-2) and issues the information to theinformation storage medium linking section 221 (S222-3). Then, theinformation storage medium linking section 221 acquires theauthorization information from the stand-alone authorization informationcreating section 222 (S221-7).

Then, the information storage medium linking section 221 decrypts theencrypted linking application using the authorization information,starts the process (S221-8), acquires the medium information in theinformation storage medium 230 (the medium key information and mediumunique identifier written in the read-only area of the informationstorage medium) to acquire the encrypted content, the encrypted contentkey, and the like (S221-9), and issues the information to the contentdelivery control unit 140 (S221-10). Furthermore, the informationstorage medium linking section 221 gets the date and time informationfrom the terminal date-and-time synchronizing unit 250 (S221-11) andaccepts the encrypted content, the encrypted content key, and otherssent from the content delivery linking control section 141 via thecommunication line 300 in cooperation with the content delivery linkingcontrol section 141 (S221-12).

When accepting encrypted option information F4 from the content deliverylinking control section 142, the information storage medium linkingsection 221 decrypts it using the authorization information (S221-13,S221-14, S221-15), thereby acquiring option information (S221-16). Then,the information storage medium linking section 221 analyzes theinformation to identify the content delivery unit 140, information toidentify the medium linking content acquiring unit 220, information toidentify a region, information to identify a user, information to showthe content viewing condition, content control incidental information(e.g., menu information, transition information within the content(e.g., thumbnail and menu link), external link information (e.g.,connection addresses for the Internet), and guidance information (e.g.,characters and still pictures)) (S221-17). On the basis of theinformation, the information storage medium linking section 221 makes acheck (e.g., if the viewing period is met, when the viewing period iswritten in the content viewing condition, or if the specified region issatisfied, the condition includes information to identify a region)(S221-18). In a manner conforming to this, the information storagemedium linking section 221 performs control (such as control of theoperation) (S221-19) or updates or holds the secure storage medium 270mounted on or connected to the user-side unit 200 (S221-20). Inaddition, the information storage medium linking section 221 writes thespecified information as option information into the writable area ofthe information storage medium 230 in which the encrypted content andthe encrypted content key are written as needed (S221-2, S221-22). Whenthe information storage medium linking section 221 cannot get optioninformation in step S221-4, it skips the processes which would becarried out if the option information were present.

Then, the information storage medium linking section 221 determineswhether to write the acquired encrypted content and encrypted contentkey into the information storage medium 230 (S221-21). When receiving awrite instruction, the information storage medium linking section 221writes the encrypted content and the encrypted content key into thewritable area of the information storage medium 230 (S221-22). After thewriting, the information storage medium linking section 221 issues awrite end status and informs the normal writing checking section 223 ofthe end of the writing (S221-23). If not receiving a write instructionin step S221-21, the information storage medium linking section 221gives notice of the reselection of the content (S221-24).

The normal writing checking section 223 accepts the write end statusfrom the information storage medium linking section 221 (S223-1) andchecks whether all of the encrypted content, the encrypted content key,and the like have been written into the writable area of the informationstorage medium 230 via the communication line 300 by size checking,verification, actual data comparison, and so forth (S223-2). After thechecking, the normal writing checking section 223 acquires thedate-and-time information from the terminal date-and-time synchronizingunit 250 (S223-3) and issues it as write normal end time to the chargingand settlement section 115 (S223-4). Receiving this, the charging andsettlement section 115 stores the write normal end time in thecorresponding location of the charging and settlement informationaccumulating section F3.

The content viewing condition processing section 224 acquires the userinformation and others from the information storage medium linkingsection 221 (S224-1). On the basis of this information, the contentviewing condition control section 143 accepts the encrypted contentviewing condition or content viewing condition or the like acquired bythe content viewing condition control section 143 from the userinformation accumulating section F1 and content delivery linking controlsection 142 in which information about the contents selected by the user(information about the state, such as the write normal end time,information about the viewing period, and the like) have beenaccumulated (S224-2, S224-3, S224-4, S224-5). The content viewingcondition processing section 224 then analyzes the accepted information(S224-6).

When the content viewing condition is of a content viewing type with alimited period, that is, of a conditional viewing type that permits thecontent to be viewed only in a specific period, the content viewingcondition processing section 224 encrypts information about the contentviewing type, the date-and-time information, and the like (S224-7,S224-8), and issues the result to the information storage medium linkingsection 221 (S224-9). The information storage medium linking section 221accepts this and stores it into the storage medium 270 (S22-20) andwrites it into the writable area of the information storage medium 230in which the encrypted content and the encrypted content key are written(S221-21, S221-22).

For example, a DVD-RAM disk is used as the information recording medium230. In the disk, the medium key information and the medium uniqueidentifier have been written into the read-only area. In cooperationwith the medium linking content acquiring unit 220, the informationstorage medium linking section 2221 writes the encrypted content,encrypted content key, option information, and encrypted content viewingcondition into the writable area as needed.

The content presentation control unit 240 is composed of a contentpresenting section 241 and a device unique key storage section 242. Thecontents of the processes of the content presenting section 241 areshown in FIGS. 11A and 11B.

In FIGS. 11A and 11B, the content presenting section 241 accepts aviewing request from the user or another unit or function (S241-1) andreads not only the medium information written in the read-only area ofthe information storage medium 230 and the encrypted content key writtenin the writable area but also the option information and viewingcondition written in the information storage medium 230 or storagemedium 270 and the device unique key held in the device unique keystorage section 242 (S241-2, S241-3).

In the process of checking the option information (S241-4, S241-5), ifthe information storage medium 230 or storage medium 270 has the optioninformation, the content presenting section 241 gets and analyzes theoption information and issues a presentation condition based on theresult of the analysis (S241-6, S241-7, S241-8). If they have no optioninformation, the content presenting section 241 skips steps 241-6,241-7, and 241-8.

Then, in the process of checking whether there is a viewing condition(S241-9, S241-10), if there is a viewing condition, the contentpresenting section 241 determines whether the viewing condition has beenencrypted (S241-11). If it has not been encrypted, the contentpresenting section 241 acquires the condition directly. If it has beenencrypted, the content presenting section 241 acquires not only theencrypted viewing condition but also the option information (S241-13,S241-14) and decrypts the viewing condition on the basis of the keyinformation included in the option information (S241-15). When obtainingthe viewing condition this way, the content presenting section 241analyzes the viewing condition (S241-16) and, on the basis of the resultof the analysis, makes a date-and-time information issuing request tothe terminal date-and-time synchronizing unit 250, and acquires thedate-and-time information issued from the synchronizing unit 250 inresponse to the request. When there is no viewing condition, the contentpresenting section 241 passes control to step S241-23.

Next, the content presenting section 241 checks the time limit (S241-19,S241-20). If the time limit has been expired, the content presentingsection 241 issues a time-limit expiration message, verifies whether thecontent should be disabled (S241-21), and prevents the informationwritten in the information storage medium 230 from being used (S241-22).If the time limit has not been expired, the content presenting section241 creates a content key on the basis of the medium information,encrypted content key, and device unique key (S241-23) and, on the basisof the content key, decrypts the encrypted content (S241-24), and issuesit in presentable form (S241-25).

The terminal date-and-time synchronizing unit 250 includes a terminaldata-and-time synchronizing section 251. As shown in FIG. 12, theterminal data-and-time synchronizing section 251 acquires a preset timeinterval (S251-1), acquires date-and-time information from a serverdata-and-time synchronizing section 161 at the acquired time intervalsvia the communication line and stores it (S251-2). When receiving adate-and-time issuing request from the medium linking content acquiringunit 220, content presentation control unit 240, and the like, theterminal data-and-time synchronizing section 251 accepts this (S251-3).If having to getting the latest date and time, the terminaldata-and-time synchronizing section 251 acquires the date-and-timeinformation from the server date-and-time synchronizing section 161 andholds it (S251-4, S251-5), and issues the stored date and time (S251-6).

The terminal data-and-time synchronizing unit 250, which is mounted onthe user-side unit 200, has a date-and-time holding system that cannotbe set from the outside differently from a time that can be set.

The content viewing unit 260 is a known display, such as television,which enables the user to view content. The content viewing unit 260includes a content viewing control section 261 and a content viewingsection 262. The content viewing control section 261 and content viewingsection 262 carry out the processes shown in FIG. 13. The contentviewing control section 261 accepts the content and others madepresentable at the content presenting section 241 (S261-1), and makes ananalysis and perform control to enable viewing (S261-2, S261-3), andissues the result to the content viewing section 262 (S261-4). Receivingthis, the content viewing section 262 causes the resulting content to beviewed in images and sound (S262-1, S262-2).

With the content delivery system configured as described above, thefollowing effects are obtained.

(1) The content and the content key creating condition are acquired fromthe copyright owner or copyright manager of the content, thecopyright-protected encrypted content and content key are created, andthey are made issuable. Therefore, the content can be encryptedaccording to the request of the copyright owner or copyright manager.

(2) When the user receives copyright-protected content delivery servicesvia a communication line, the necessary subscriber application procedureis offered so as to comply with a form that allows the user to receivethe copyright-protected content delivery services. This simplifies theprocedure for the user applying for subscription and enables the user toreceive delivery services according to the user's usage environment.

(3) It is determined whether the user can receive copyright-protectedcontent delivery services. At this time, if the payment method is creditcard payment, the necessary information is transmitted to the clearingcorporation and the clearing identifier is received from the clearingcorporation. To avoid the risk of credit card information leaks, theunnecessary information is erased. From this point on, a determinationis made using the clearing identifier. Therefore, it is possible torealize safe electronic settlement, excluding ineligible users.

(4) The authentication condition is issued to the registered usersbeforehand. When the users log in to the copyright-protected contentdelivery services via a communication line, they present theauthentication condition and then receive the copyright-protectedcontent delivery services. Therefore, only the eligible users can log inand ineligible users are prevented from receiving the services.

(5) When the user logs in to a copyright-protected content deliveryservice according to the issued authentication condition, it isdetermined what services the user can receive and then theauthentication information is issued. Therefore, the contents ofservices can be managed on a user basis, which enables suitable,thoughtful services.

(6) The content list format corresponding to the user or user-side unitis selected on the basis of the issued authentication information,brought into a form that allows various types of display, and thenissued. Therefore, the content selecting operation of each user can besimplified.

(7) The user's content selection is accepted on the basis of the issuedcontent list, a check is made with the clearing corporation on the basisof the clearing identifier and the user is informed of whether theselected content can be purchased. Therefore, illegal purchase due tothe user's mistake can be avoided.

(8) A plurality of encrypted contents are accumulated, the contentinformation selected by the user and the user information are accepted,and the encrypted content, encrypted content key, and the like aredelivered via the communication line in cooperation with the user-sideinformation storage medium via the communication line. Therefore, it ispossible to deliver the encrypted content, encrypted content key, and soforth to only the eligible users.

(9) The medium information in the information storage medium (the mediumkey information and medium unique identifier written in the read-onlyarea of the information storage medium) is sent via the communicationline, the encrypted content, encrypted content key, and so fourth sentvia the communication line are written into the writable area of theinformation storage medium in which the medium information has beenwritten or into another storage medium, and the content is encrypted onthe basis of the medium information. Therefore, decryption is impossiblewithout the device information. As a result, even if the encryptedcontent and the encrypted content key are copied, neither the creationof the content key nor the decryption of the encrypted content can beperformed with a user-side terminal unit with no medium information orwith different medium information. Therefore, it is possible to limitthe viewing of illegally copied content.

(10) When the function of realizing copyright-protected content deliveryservices installed in the user-side unit is encrypted, various pieces ofinformation are acquired via the communication line, and authorizationinformation is created and issued. Alternatively, in the stand-alonestate where no communication line is used, authorization information iscreated independently. Then, startup is made according to theauthorization information. Therefore, a unit other than the registeredunits is prevented from receiving the services, which eliminates abuse.

(11) When content is delivered by copyright-protected content deliverservices, the most appropriate one (because of the lowest load or thelike) of the communication lines allowing delivery is selected,information about an estimated time until the delivery of the content ismade issuable, and the content delivery is started. Therefore, the loadon the user side is alleviated, which improves the usability.

(12) The option information, including information to show the contentviewing condition, and content control incidental information (e.g.,menu information, transition information within the content (e.g.,thumbnail and menu link)), external link information (e.g., connectionaddresses for the Internet), and guidance information (e.g., charactersand still pictures), is related to the encrypted content and theencrypted content key. The resulting information is encrypted as neededand is issued as encrypted option information via the communicationline. Therefore, it is possible to provide content delivery servicesmore suitable for the user, while improving the problem of informationleaks on the network.

(13) The designation of reserved delivery, such as by what time thecontent delivery is required to finish is made issuable, a plurality ofcandidates are selected, and the content is delivered in the order oftime closer to the present time or in the order of specified priority.Therefore, restrictions on the user's utilization time are removed,which enables efficient delivery.

(14) The content viewing condition (including information representingthat the content has a limited viewing period, allowed viewingdate-and-time (period) information, information about limits to writinginto an information storage medium, content protect information, agelimit information, barrier-free environment information (including signlanguage type and identification information) are accepted, encrypted asneeded, and issued. Therefore, it is possible to set suitable viewinglimits according to the user's request or usage restriction.

(15) The accurate date and time are acquired from a known date-and-timeissuing unit or the like via the communication line and the held dateand time are issued to the requester according to the request. The timermounted in the user-side unit uses a date-and-time holding system thatcannot be set from the outside. Alternatively, even when the timer canbe set, the date and time of the server are externally updated to thelatest date and time in synchronization with the server side. Thisprevents illegal use, such as lifting time limits by shifting the dateand time on the user side.

(16) A check is made if the encrypted content, the encrypted contentkey, and others delivered via the communication line have been writtenproperly into the writable area of the information storage medium, thedate-and-time information is acquired from the timer in item (15), andthose pieces of information are issued to the copyright-protectedcontent delivery service provider side. Therefore, the final result ofthe information delivered on the delivery service provider side can bechecked and the suitable charging process can be carried out.

(17) When the encrypted option information in item (14) is received, itis encrypted using the authorization information in item (10) to get theoption information. Then, various pieces of identification information,information about the content viewing condition, content controlincidental information (e.g., menu information, transition informationwithin the content (e.g., thumbnail and menu link)), external linkinformation (e.g., connection addresses for the Internet), and guidanceinformation (e.g., characters and still pictures) are analyzed. A checkis made on the basis of the resulting information. On the basis of theresult of the check, the limit of operation is controlled and thestorage information is updated or stored. In addition, theoption-specified information is written into the writable area of theinformation storage medium as needed. Therefore, the option specifyingprocess can be carried out easily and safely.

(18) When data is written into the information storage medium, if thecontent viewing condition is of the limited-period content viewing type,that is, of the conditional viewing type permitting contents to beviewed only in a specific period, information representing the contentviewing type and date-and-time information are encrypted. The encryptedinformation is stored into the storage medium of the user-side unit orwritten into the writable area of the information storage medium intowhich the encrypted content and the encrypted content key are written.Therefore, when the condition is not met, the viewing of the content canbe prevented, which improves the copyright protection more.

The content key corresponding to the encrypted content key is selectedin accordance with the contest ID information and is then issued. Hence,any other content, if available, cannot be viewed at all.

(20) The encrypted content key is created from the information in theinformation storage medium (the medium key information and medium uniqueidentifier written into the read-only area of the information storagemedium). In addition, the encrypted content key is also created in sucha manner that it includes various pieces of identification information,information about the content viewing condition, content controlincidental information (e.g., menu information, transition informationwithin the content (e.g., thumbnail and menu link)), external linkinformation (e.g., connection addresses for the Internet), and guidanceinformation (e.g., characters and still pictures). Therefore, it ispossible to prevent the content from being written into anotherinformation recording medium or from being viewed with another unit.

(21) A viewing request from the user or the like is accepted. Then, theinformation in the information storage medium is read and a content keyis created on the basis of the device unique key information held in theuser-side unit, medium information in the information storage medium(the medium key information and medium unique identifier written in theread-only area of the information storage medium), and the encryptedcontent key written in the writable area of the information storagemedium. On the basis of the content key, the encrypted content isdecrypted so as to be presentable. Therefore, even if the content iscopied illegally onto another medium, the content key cannot be created,nor can the content be decrypted, which prevents the content from beingviewed.

(22) When the storage medium of the user-side unit or the informationstorage medium has option information, the information is read and apresentation process is carried out on the basis of the information.Therefore, both the service provider and the user can enjoy a variety ofservices by selecting arbitrary options.

(23) When the storage medium of the user-side unit or the informationstorage medium has a viewing condition, the condition is read, thedate-and-time information is acquired from the timer in item (15), acheck is made if the accumulated content has expired. If the accumulatedcontent has been expired, the user is informed of the expiration and thecontent is made unusable. Therefore, it is possible to deal with, forexample, a case where management by time limit is needed as in rentingcontent.

Additional advantages and modifications will readily occur to thoseskilled in the art. Therefore, the invention in its broader aspects isnot limited to the specific details and representative embodiments shownand described herein. Accordingly, various modifications may be madewithout departing from the spirit or scope of the general inventiveconcept as defined by the appended claims and their equivalents.

1. A content delivery service terminal unit comprising: a user accesscontent selecting unit which logs in to a user management control uniton the basis of authentication information and makes a content selectrequest on the basis of a delivery content list; a medium linkingcontent acquiring unit which acquires information about an informationstorage medium as medium information from the information storage mediumat the content select request and sends the information to a contentdelivery service providing unit, receives an encrypted content key andencrypted content from the content delivery service providing unit, andwrites them together into the writable area of the information storagemedium in which the medium information has been written, or separatelyinto the writable area of the information storage medium in which themedium information has been written and of another information medium;and a content presentation control unit which reads an arbitraryencrypted content and the corresponding encrypted content key from theinformation storage medium, decrypts the encrypted content key on thebasis of the medium information or the medium information and a terminaldevice unique key information, and decrypts the encrypted content on thebasis of the decrypted content key.
 2. The content delivery serviceterminal unit according to claim 1, wherein the user access contentselecting unit includes login means for logging in to the usermanagement control unit on the basis of previously presentedauthentication information and presenting the information requested, andcontent select requesting means for acquiring a delivery content selectlist presented by the user management control unit in the access,presenting the list, and informing the user management control unit ofthe content select request specified the user.
 3. The content deliveryservice terminal unit according to claim 1, wherein the medium linkingcontent acquiring unit includes information notifying means foracquiring the medium information from the information storage medium atthe content select request, and notifying the encrypted content keycontrol unit and the content delivery control unit of the mediuminformation or the medium information and the terminal device unique keyinformation, and information storage means for receiving the encryptedcontent key and the encrypted content from the encrypted content keycontrol unit and the content delivery control unit, and writing themtogether into the writable area of the information storage medium inwhich the medium information has been written, or separately into thewritable area of the information storage medium in which the mediuminformation has been written and of another information medium.
 4. Thecontent delivery service terminal unit according to claim 3, wherein themedium linking content acquiring unit further includes startup means forstarting up in response to the authorization information delivered fromthe content deliver service providing unit, making mutual authenticationwith the content delivery service providing unit, and giving aninstruction to execute the processes of the information notifying meansand the information storage means after confirmation of theauthentication.
 5. The content delivery service terminal unit accordingto claim 1, further comprising: date-and-time management means forexecuting processes on the basis of date-and-time information suppliedfrom the content delivery service providing unit.
 6. The contentdelivery service terminal unit according to claim 1, wherein the mediumlinking content acquiring unit, when receiving a content viewingcondition from the content delivery service providing unit, writes theviewing condition into the information storage medium in which themedium information has been written or into another information storagemedium, and the content presentation control unit, when decrypting theencrypted content and the encrypted content key, executes processes onthe basis of the content viewing condition.
 7. The content deliveryservice terminal unit according to claim 3, wherein the medium linkingcontent acquiring unit, when the encrypted content viewing conditionspecifies a viewing period, manages the content written into theinformation storage medium by date-and-time information and makes thecontent unusable from the information storage medium after the viewingperiod has expired.
 8. The content delivery service terminal unitaccording to claim 1, wherein the content presentation control unit,when at least one of the encrypted content and the encrypted content keyhas been written into a different information storage medium from theinformation storage medium into which the medium information has beenwritten, executes the process of reading and decrypting the encryptedcontent and the encrypted content key only in a state where theinformation storage medium in which the medium information has beenwritten is set.